CVE-2015-7871
published 2017-08-07CVE-2015-7871: Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
PriorityP184critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
81.76%
99.6th percentile
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products_october_2015 | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | ntp | < ntp 1:4.2.8p4+dfsg-1 (bullseye) | ntp 1:4.2.8p4+dfsg-1 (bullseye) |
| ntp | ntp | — | — |
| ntp | ntp | — | — |
| ntp | ntp | >= 0 < 1:4.2.8p4+dfsg-1 | 1:4.2.8p4+dfsg-1 |
| ntp | ntp | >= 0 < 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 |
| ntp | ntp | >= 4.2.6 < 4.2.8 | 4.2.8 |
| ntp | ntp | >= 4.3.0 < 4.3.77 | 4.3.77 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated symmetric active Crypto-NAK packets sent to ntpd on UDP/123; an off-path attacker transmits these to force ntpd to peer with attacker-controlled time sources. ↗
- →Monitor ntpd for unexpected new peer associations being established without prior authenticated exchange, especially ephemeral symmetric peers not in the configured peer list. ↗
- →Alert on ntpd declaring previously legitimate configured peers as 'false tickers', which may indicate an active CVE-2015-7871 exploitation attempt shifting time authority to rogue peers. ↗
- →Look for the PEVNT_AUTH / crypto_NAK event in ntpd logs (report_event with 'crypto_NAK' string) combined with peer flash flag TEST5 (bad auth) being set on an ephemeral association. ↗
- ·NTP 4.2.6 is NOT vulnerable to exploitation: while an ephemeral association can be temporarily created by the Crypto-NAK, it is immediately torn down via unpeer(), preventing any time manipulation. ↗
- ·Red Hat Enterprise Linux 5, 6, and 7 ship NTP versions that are not affected by CVE-2015-7871; do not prioritize patching effort on those platforms for this specific CVE. ↗
- ·The NTP service is deactivated by default on Siemens RUGGEDCOM ROX I and ROX II devices; attack surface only exists when NTP service is explicitly enabled. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_redhat9.8CRITICAL
vendor_cisco7.5HIGH
vendor_ubuntu5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens TIM 4R-IE Devices
cisa_ics·2021-04-13·CVSS 7.5
[HIGH] Siemens TIM 4R-IE Devices
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens TIM 4R-IE Devices
Last RevisedApril 13, 2021
Alert CodeICSA-21-103-11
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: TIM 4R-IE
- Vulnerabilities: Incorrect Type Conversion or Cast, Improper Input Validation, Improper Authentication, Security Features, Null Pointer Dereference, Data Processing Errors, Exposure of Sensitive Information to an Unauthorized Actor, Race Condition
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could compromise the confidentiality, integri
CISA ICS
Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities
cisa_ics·2018-08-27
Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities
Last RevisedAugust 27, 2018
Alert CodeICSA-15-356-01
## OVERVIEW
Siemens has reported to NCCIC/ICS-CERT that NTP daemon vulnerabilities exist in the Siemens RUGGEDCOM ROX-based devices. Siemens has produced firmware updates to mitigate these vulnerabilities.
These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following Siemens RUGGEDCOM ROX versions are affected when NTP service is activated:
- ROX II: All versions prior to 2.9.0, and
- ROX I: All versions.
The NTP service is deactivated on ROX
CISA ICS
Rockwell Automation Stratix 5900
cisa_ics·2017-05-10
Rockwell Automation Stratix 5900
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Rockwell Automation Stratix 5900
Last RevisedMay 10, 2017
Alert CodeICSA-17-094-04
## CVSS v3 10.0
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Rockwell Automation
Equipment: Stratix 5900
Vulnerabilities: Improper Input Validation, Resource Management Errors, Improper Authentication, Path Traversal.
## REPOSTED INFORMATION
This advisory was originally posted to the NCCIC Portal on April 4, 2017, and is being released to the NCCIC/ICS-CERT web site.
## AFFECTED PRODUCTS
Rockwell Automation reports that these vulnerabilities affect the following Strat
Ubuntu
NTP vulnerabilities
vendor_ubuntu·2015-10-27·CVSS 5.3
CVE-2015-5146 [MEDIUM] NTP vulnerabilities
Title: NTP vulnerabilities
Summary: Several security issues were fixed in NTP.
Aleksis Kauppinen discovered that NTP incorrectly handled certain remote
config packets. In a non-default configuration, a remote authenticated
attacker could possibly use this issue to cause NTP to crash, resulting in
a denial of service. (CVE-2015-5146)
Miroslav Lichvar discovered that NTP incorrectly handled logconfig
directives. In a non-default configuration, a remote authenticated attacker
could possibly use this issue to cause NTP to crash, resulting in a denial
of service. (CVE-2015-5194)
Miroslav Lichvar discovered that NTP incorrectly handled certain statistics
types. In a non-default configuration, a remote authenticated attacker
could possibly use this issue to cause NTP to crash, resulting in a
BSD
FreeBSD-SA-15:25.ntp: Multiple vulnerabilities of ntp [REVISED]
bsd_advisories·2015-10-26·CVSS 7.5
CVE-2014-9750 [HIGH] FreeBSD-SA-15:25.ntp: Multiple vulnerabilities of ntp [REVISED]
FreeBSD-SA-15:25.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities of ntp [REVISED]
Category: contrib
Module: ntp
Announced: 2015-10-26, revised on 2015-11-04
Credits: Network Time Foundation
Affects: All supported versions of FreeBSD.
Corrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE)
2015-11-04 11:27:13 UTC (releng/10.2, 10.2-RELEASE-p7)
2015-11-04 11:27:21 UTC (releng/10.1, 10.1-RELEASE-p24)
2015-11-02 10:39:26 UTC (stable/9, 9.3-STABLE)
2015-11-04 11:27:30 UTC (releng/9.3, 9.3-RELEASE-p30)
CVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,
CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851,
CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855,
CVE-2015-7871
For general information regarding FreeBSD Security Advisories
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco·2015-10-22·CVSS 7.5
CVE-2015-7691 [HIGH] CWE-119 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server.
On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows:
CVE-2015-7691 - Denial of Service AutoKey Malicious Message
C
Red Hat
ntp: crypto-NAK symmetric association authentication bypass vulnerability
vendor_redhat·2015-10-21·CVSS 9.8
CVE-2015-7871 [CRITICAL] CWE-305 ntp: crypto-NAK symmetric association authentication bypass vulnerability
ntp: crypto-NAK symmetric association authentication bypass vulnerability
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
Statement: This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Package: ntp (Red Hat Enterprise Linux 5) - Not affected
Package: ntp (Red Hat Enterprise Linux 6) - Not affected
Package: ntp (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2015-7871: ntp - Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 ...
vendor_debian·2015·CVSS 9.8
CVE-2015-7871 [CRITICAL] CVE-2015-7871: ntp - Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 ...
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
Scope: local
bullseye: resolved (fixed in 1:4.2.8p4+dfsg-1)
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7852 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7852: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7871 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7871: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7850 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7850: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7704 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7704: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7855 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7855: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7853 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7853: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7851 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7851: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7705 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7705: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7849 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7849: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7703 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7703: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7854 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7854: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7702 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7702: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7701 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7701: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7691 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7691: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7848 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7848: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
vendor_cisco
CVE-2015-7692 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
CVE-2015-7692: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicio
GHSA
GHSA-mxc3-mjx4-gjc9: Crypto-NAK packets in ntpd in NTP 4
ghsa_unreviewed·2022-05-13
CVE-2015-7871 [CRITICAL] CWE-287 GHSA-mxc3-mjx4-gjc9: Crypto-NAK packets in ntpd in NTP 4
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
OSV
CVE-2015-7871: Crypto-NAK packets in ntpd in NTP 4
osv·2017-08-07·CVSS 9.8
CVE-2015-7871 [CRITICAL] CVE-2015-7871: Crypto-NAK packets in ntpd in NTP 4
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
OSV
ntp vulnerabilities
osv·2015-10-27·CVSS 5.3
CVE-2015-5146 [MEDIUM] ntp vulnerabilities
ntp vulnerabilities
Aleksis Kauppinen discovered that NTP incorrectly handled certain remote
config packets. In a non-default configuration, a remote authenticated
attacker could possibly use this issue to cause NTP to crash, resulting in
a denial of service. (CVE-2015-5146)
Miroslav Lichvar discovered that NTP incorrectly handled logconfig
directives. In a non-default configuration, a remote authenticated attacker
could possibly use this issue to cause NTP to crash, resulting in a denial
of service. (CVE-2015-5194)
Miroslav Lichvar discovered that NTP incorrectly handled certain statistics
types. In a non-default configuration, a remote authenticated attacker
could possibly use this issue to cause NTP to crash, resulting in a denial
of service. (CVE-2015-5195)
Miroslav Lichvar discove
No detection rules found.
Bugzilla
CVE-2015-7692 CVE-2015-7871 CVE-2015-7852 CVE-2015-7701 CVE-2015-7702 CVE-2015-7691 ntp: various flaws [fedora-all]
bugzilla·2015-10-22·CVSS 7.5
CVE-2015-7692 [HIGH] CVE-2015-7692 CVE-2015-7871 CVE-2015-7852 CVE-2015-7701 CVE-2015-7702 CVE-2015-7691 ntp: various flaws [fedora-all]
CVE-2015-7692 CVE-2015-7871 CVE-2015-7852 CVE-2015-7701 CVE-2015-7702 CVE-2015-7691 ntp: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue a
Bugzilla
CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability
bugzilla·2015-10-22·CVSS 9.8
CVE-2015-7871 [CRITICAL] CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability
CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability
The following flaw was found in ntpd:
An error handling logic error exists within ntpd that manifests due to improper error condition handling associated with certain crypto-NAK packets. An unauthenticated, off-path attacker can force ntpd processes on targeted servers to peer with time sources of the attacker's choosing by transmitting symmetric active crypto-NAK packets to ntpd. This attack bypasses the authentication typically required to establish a peer association and allows an attacker to make arbitrary changes to system time.
External References:
http://talosintel.com/reports/TALOS-2015-0069/
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
Discussion:
Talos
Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)
blogs_talos·2015-10-21
Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)
## Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)
Cisco is committed to improving the overall security of the products and services our customers rely on. As part of this commitment, Cisco assesses the security of software components used in our products. Open source software plays a key role in many Cisco products and as a result, ensuring the security of open source software components is vital, especially in the wake of major vulnerabilities such as Heartbleed and Shellshock.
In April 2014, the Linux Foundation spearheaded the creation of the Core Infrastructure Initiative in response to the disclosure of Heartbleed with the goal of securing open source projects that are widely used on the internet. As a member of the Linux Foundation Core Infrastruct
Talos
Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)
blogs_talos·2015-10-21
Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)
Cisco is committed to improving the overall security of the products and services our customers rely on. As part of this commitment, Cisco assesses the security of software components used in our products. Open source software plays a key role in many Cisco products and as a result, ensuring the security of open source software components is vital, especially in the wake of major vulnerabilities such as Heartbleed and Shellshock.
In April 2014, the Linux Foundation spearheaded the creation of the Core Infrastructure Initiative in response to the disclosure of Heartbleed with the goal of securing open source projects that are widely used on the internet. As a member of the Linux Foundation Core Infrastructure Initiative (CII) Steering Group, Cisco is contributing to the CII effort by evalu
http://support.ntp.org/bin/view/Main/NtpBug2941http://www.debian.org/security/2015/dsa-3388http://www.securityfocus.com/bid/77287http://www.securitytracker.com/id/1033951https://bugzilla.redhat.com/show_bug.cgi?id=1274265https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839https://security.gentoo.org/glsa/201604-03https://security.gentoo.org/glsa/201607-15https://security.netapp.com/advisory/ntap-20171004-0001/http://support.ntp.org/bin/view/Main/NtpBug2941http://www.debian.org/security/2015/dsa-3388http://www.securityfocus.com/bid/77287http://www.securitytracker.com/id/1033951https://bugzilla.redhat.com/show_bug.cgi?id=1274265https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839https://security.gentoo.org/glsa/201604-03https://security.gentoo.org/glsa/201607-15https://security.netapp.com/advisory/ntap-20171004-0001/
2017-08-07
Published